Various services may be anycasted in different locations by simultaneously announcing the same destination Internet protocol (“IP”) address range from different places on the Internet. For a given service, the traffic of a single source IP sender is routed to the topologically-nearest server. Thus, at a given time, the traffic of a single, non-spoofed source IP sender may be seen at a single server. However, when the source IP is spoofed, the traffic of multiple, spoofed source IP senders may be seen at multiple servers simultaneously. Source IP spoofing may be used to (1) hide the identity of an attacker and/or (2) direct the traffic to the victim (e.g., in a reflection attack). Therefore, it is desirable to develop systems and methods that provide detection of anycast-based spoofed traffic.